The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

TAG | advertising

Google is changing its terms of service to allow them to use your name and photo in advertisements to your friends. Most people seem to have been opted in to this by default, although some (including me) have found themselves defaulted out of the program.

If you are uncomfortable with your name, picture, and opinions appearing in ads from Google, just go to Google’s Shared Endorsements Settings page. The page describes the program. At the bottom you will find a checkbox. Uncheck it, and click “Save”.

· ·

Google and other online advertising companies like Vibrant Media, Media Innovation Group, and PointRoll, are using a flaw in Safari on iOS to track you despite your privacy settings.

iOS Safari is set by default to reject tracking cookies from 3rd party websites. That means that unless you are directly and intentionally interacting with a site it should not be able to cookie and track you. Specifically that is intended to prevent tracking by advertisers displaying banner ads on websites.

The hack is that these advertisers use a script within the website to cause submit an invisible web form to the advertising website, which looks to Safari like you directly interacted with that site and so allows the site to send a cookie. Another flaw in Safari causes those cookies to be returned to the 3rd party sites once they have been set.

Apple is saying that they will address the issue. Google is blaming Apple for breaking with web standards (even though almost all browsers support blocking 3rd party cookies iOS Safari is unusual in making this the default).

My suggestion:

  1. On your iOS device (iPhone, iPad, iPod Touch) go to “Settings”, select “Safari”, scroll down and “Clear Cookies and Data”. Do this frequently.
  2. Don’t log into Google or other social media sites through the browser, only use the dedicated apps.
  3. Use those social media apps to “like” or “+1” content, rather than doing so in the browser.
  4. Protect your IP address with a tool like Anonymizer Universal so these sites can’t just use your IP address in place of cookies to track you when you are at home or work on a WiFi connection with a long term IP address.

The WSJ had the first article I saw on this, but it is paywalled.

9 to 5 Mac has a nice article on it.

John Battelle’s searchblog tries to look at this issue from both sides.

· · ·

The WSJ reports on a recent FTC report endorsing the concept of a universal “do not track” registry similar to the “do not call” list. Predictably the advertising companies are unhappy, and privacy advocated are cheering.

I think that some kind of outside regulation is necessary and inevitable. Self regulation has not worked, and is very unlikely to work in the future. The self interest of the targeted marketers is too diametrically opposed to the principles of transparency and personal control.

The WSJ quotes Rob Norman, chief executive of WPP PLC’s GroupM North America, which buys ads on behalf of corporate clients as whining “FTC endorses ‘do not track’; an emotional goodbye to free content so kindly funded by advertisers.” Lets be clear, there is no “kindly” about it. This is all about making money for the advertiser. The “free content” is simply a delivery vehicle for ads.

Right now the exchange of information and access to the viewer is implicit. This proposal makes it explicit. I see no reason why sites could not, or should not, be set up to require users to opt in to be able to access the content. I would then have the ability to choose to opt out, go elsewhere, or pay to be free of tracking.

The rapidly increasing use of “evercookies” and other very hard to remove tracking techniques shows just how resistant to user control these companies really are. Where the tools and standards exist for users to delete tracking information, the marketing companies are creating new tools to make your choices ineffective.

As if more proof were needed, the marketing companies suggest opting out through their about ads website. Of course, if you want to opt out, you must enable third party cookies on your browser, which simultaneously exposes you to much more effective and intrusive monitoring.

Anonymizer will continue to innovate with new technologies to stay ahead of this arms race with tools like our new “Nevercookie” plugin.

· · · · · · ·

The Wall Street Journal reports that a small group of on-line tracking companies are forming a project to enable those being tracked to see their profiles, and to opt out of tracking. The project, called the “Open Data Partnership” will launch in January. It membership consists of eight tracking firms including BlueKai Inc., Lotame Solutions Inc. and eXelate Inc.

Because this program does not include the majority of companies which track users it is unlikely to have a significant impact on your actual privacy, but it is a worthy experiment and I hope many people will take advantage of it to opt out of at least this tracking.

On-line ads covered by this program will be marked with a small “i” in a blue triangle. If you click on that you should be able to see and modify your stored information, profile, and tracking options.

· · · · ·